Skip to main content
SpringerLink
Log in

A Security-enabled Grid System for MINDS Distributed Data Mining

  • Published:
Journal of Grid Computing Aims and scope Submit manuscript

Abstract

Interest has been increasing in mining information from a huge amount of data for various purposes such as business processes, scientific discoveries, and security. MINDS (Minnesota INtrusion Detection System) is a tool utilizing data mining techniques to identify both known and unknown network intrusions. While performing well with a high degree of accuracy in detecting intrusions, MINDS is intrinsically limited due to its centralized design. At the same time, there are increasing needs for coordinating multiple distributed sites to find correlations of suspicious events and for sharing distributed anomaly data in different administrative domains since network intrusions become more sophisticated and harder to identify by a single site analysis. In this work, we consider a distributed model of MINDS to eliminate the limitations that the current MINDS suffers from due to its centralized nature. We utilize Grid technologies to achieve the distribution of services. In addition, we develop security frameworks for authentication and access control since it is important to preserve privacy and sensitivity of data regardless of distribution. To verify the feasibility of our approach, we also present our experimental results conducted in a local testbed with four nodes and in a wide-area setting in PlanetLab with 20 nodes geographically dispersed.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Ertoz, L., Eilertson, E., Lazarevic, A., Tan, P., Srivastava, J., Kumar, V., Dokas, P: The MINDS - Minnesota Intrusion Detection System, “Next Generation Data Mining”. MIT Press (2004)

  2. Dokas, P., Ertoz, L., Kumar, V., Lazarevic, A., Srivastava, J., Tan, P.: Data Mining for Network Intrusion Detection. In: Proc. NSF Workshop on Next Generation Data Mining, Baltimore, MD (November 2002)

  3. Foster, I., Kesselman, C., Tuecke, S.: The Anatomy of the Grid: Enabling Scalable Virtual Organizations. International J. Supercomputer Applications 15(3) (2001)

  4. Foster, I., Kesselman, C., Nick, J., Tuecke, S.: The Physiology of the Grid: An Open Grid Services Architecture for Distributed Systems Integration. Open Grid Service Infrastructure WG, GGF (June 2002)

  5. OASIS Reference Model for Service Oriented Architecture 1.0, http://docs.oasis-open.org/soa-rm/v1.0/soa-rm.html (October 2006)

  6. Simple Object Access Protocol, http://www.w3.org/TR/soap/ (April 2007)

  7. Universal Description, Discovery, & Integration, http://www.uddi.org/specification.html (July 2002)

  8. Web Services Definition Language, http://www.w3.org/TR/wsdl (March 2001)

  9. I. Foster and C. Kesselman, Globus: A Metacomputing Infrastructure Toolkit, International Journal of Supercomputing Applications, 11(2), 1997.

  10. The WS-Resource Framework, http://www.globus.org/wsrf/ (April 2006)

  11. Web Services Resource Framework (WSRF) – Primer v1.2, http://docs.oasis-open.org/wsrf/wsrf-primer-1.2-primer-cd- 02.pdf, May 2006.

  12. Globus GT4: www.globus.org, 2006.

  13. Weissman, J, Kim, S, England, D: A Framework for Dynamic Service Adaptation in the Grid: Next Generation Software Program Progress Report. NGS NSF Workshop, in conjunction with IPDPS (2005)

  14. Weissman, Jon, Kim, Seonho, England, Darin: A Dynamic Grid Service Architecture. In: IEEE International Symposium on Cluster Computing and the Grid (CCGrid2005), Cardiff, UK (May 2005)

  15. Lee, B., Weissman, J.B.: Adaptive Resource Selection for Grid-Enabled Network Services. In: 2nd IEEE International Symposium on Network Computing and Applications (April 2003)

  16. Kim, S, Weissman, J: A Genetic Algorithm based Approach for Scheduling Decomposable Data Grid Applications. In: IEEE International Conference on Parallel Processing (August 2004)

  17. England, D., Weissman, J.B.: A Stochastic Control Model for the Deployment of Dynamic Grid Services. In: 5th IEEE/ACM International Workshop on Grid Computing (2004)

  18. England, D., Weissman, J.B.: A Resource Leasing Policy for On-Demand Computing (2005). invited to the International Journal of High Performance Computing and Applications (IJHPCA)

  19. Neuman, C.B., Ts’o T.: Kerboros: An Authentication Service for Computer Networks. IEEE Communications 32(9), 33–38 (September 1994)

  20. Simple Authentication and Security Layer, Internet Engineering Task Force RFC-4222, http://www.ietf.org/rfc/rfc4422.txt (June 2006)

  21. Generic Security Services API, Internet Engineering Task Force RFC2743, http://www.ietf.org/rfc/rfc2743.txt (January 2000)

  22. The Transport Layer Security Protocol Version 1.0, IETF RFC 2246, http://www.ietf.org/rfc/rfc2246.txt (January 1999)

  23. The Secure Sockets Layer (SSL) 3.0 specification, http://wp.netscape.com/eng/ssl3/draft302.txt (August 2011)

  24. ITU-T Recommendation X.509: Information Technology – Open Systems Interconnection – The Directory: Authentication Framework

  25. Sandhu, R., Coyne, E. J., Feinstein, H. L., Youman, C. E.: Role-based access control models. IEEE Computer 29(2), 38–47 (1996)

    Article  Google Scholar 

  26. Ferraiolo, D., Kuhn, R.: Role-Based Access Control, Proc. In: 15th National Computer Security Conference. (1992)

  27. Loscocco, P., Smalley, S., Muckelbauer, P., Taylor, R., Farrell, J.: The Inevitability of Failure: The flawed assumption of security in modern computing environment. In: Proceedings of the 21st national Information Systems Security Conference, pp p303–314 (1998)

  28. Lampson, B: Protection. In: 5th Princeton Symposium on Information Sciences and Systems, pp 437–443 (1971)

  29. Arenas, A.E., et al.. In: Proc. UK e-Science All Hands Meeting. The Design and Implementation of Grid Database Services in OGSA-DAI (2003)

  30. The OGSA-DAI project, http://www.ogsadai.org.uk/ (2002)

  31. Josh, J.B.D., Bhatti, R., Bertino, E., Ghafoor, A.: Access Control Language for Multidomain Environment. IEEE Internet Computing, 40–50 (2004)

  32. Shafiq, B., Joshi, J.B.D., Bertino, E., Ghafoor, A.: Secure Interoperation in a Multidomain Environment Employing RBAC Policies. IEEE Transactions on Knowledge and Data Engineering 17(11), 1557–1577 (2005)

    Article  Google Scholar 

  33. Zhang, X., Li, Q., Seifert, J.P, Xu, M.: Flexible Authorization with Decentralized Access Control Model for Grid Computing. In: IEEE High Assurance Systems Engineering Symposium (HASE), pp 156–165 (2007)

  34. Cannataro, M., et al: Distributed Data Mining on Grids: Services, Tools, and Applications. IEE Transactions on Systems, Man, and Sybernetics 6, 34 (December 2004)

    Google Scholar 

  35. Cannataro, M., Talia, D.: The Knowledge Grid. Communications of the ACM 46(1), 89–93 (2003)

    Article  Google Scholar 

  36. Kargupta, H., Chan, P.: Advances in Distributed and Parallel Knowledge Discovery. MIT Press, Cambridge, MA (2000)

    Google Scholar 

  37. Park, B., Kargupta, H.: Distributed Data Mining: Algorithms, Systems and Applications, Data Mining Handbook (2002)

  38. Berman, F.: From TeraGrid to Knowledge Grid. Communication of ACM 44(11), 27–28 (2001)

    Article  Google Scholar 

  39. Project: GEDDM (Grid Enabled Distributed Data Mining), http://www.omii.ac.uk/repository/project.jhtml?pid=134 (2007)

  40. The ePCRN (electronic Primary Care Research Network) Project, http://www.epcrn.org/ (2007)

  41. Pereira, A L., Muppavarapu, V, Chung, S M: Managing Role-Based Access Control Policies for Grid Databases in OGSA-DAI Using CAS. J. Grid Comput. 5(1), 65–81 (2007)

    Article  Google Scholar 

  42. Muppavarapu, V, Chung, S M: Role-Based Access Control in a Data Grid Using the Storage Resource Broker and Shibboleth. Journal of Grid Computing 7(2), 265–283 (2009)

    Article  Google Scholar 

  43. Lang, B, Foster, I T., Siebenlist, F, Ananthakrishnan, R., Freeman, T: A Flexible Attribute Based Access Control Method for Grid Computing. Journal of Grid Computing 7(2), 169–180 (2009)

    Article  Google Scholar 

  44. Osborn, S., Sandhu, R., Munawar, Q.: Configuring Role-based Access Control to enforce Mandatory and Discretionary Access Control Polices. ACM Transactions on Information and System Security (TISSEC) 3, 85–106 (2000)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, University of Minnesota, Twin Cities, 200 Union St, Minneapolis, MN, 55455, USA

    Seonho Kim & Jon B. Weissman

  2. Department of Computer Science and Information Systems, Texas A&M University-Commerce, PO Box 3011, Commerce, TX, 75428, USA

    Jinoh Kim

Authors
  1. Seonho Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jinoh Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jon B. Weissman
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jinoh Kim.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Kim, S., Kim, J. & Weissman, J.B. A Security-enabled Grid System for MINDS Distributed Data Mining. J Grid Computing 12, 521–542 (2014). https://doi.org/10.1007/s10723-014-9303-x

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10723-014-9303-x

Keywords

Search

Navigation